Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML _security/saml/authenticate API should return realm name used for authentication #52053

Closed
azasypkin opened this issue Feb 7, 2020 · 1 comment · Fixed by #52188
Closed

SAML _security/saml/authenticate API should return realm name used for authentication #52053

azasypkin opened this issue Feb 7, 2020 · 1 comment · Fixed by #52188
Labels
>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)

Comments

@azasypkin
Copy link
Member

Currently response of _security/saml/authenticate includes only username, access_token, refresh_token and expires_in. That means that if consumer doesn't provide an optional realm parameter they don't know what realm was used to perform authentication unless they send a subsequent request to /_security/_authenticate and read authentication_realm field.

It's not critical, but rather nice to have since Kibana relies on the realm name for various use cases and it'd be ideal to avoid additional /_security/_authenticate call right after _security/saml/authenticate.

/cc @jkakavas
@azasypkin azasypkin added >enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels Feb 7, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Authentication)

@azasypkin azasypkin mentioned this issue Feb 7, 2020
Merged
@jkakavas jkakavas mentioned this issue Feb 11, 2020
Merged
@azasypkin azasypkin mentioned this issue Mar 5, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Return realm name in SAML Authenticate API jkakavas/elasticsearch
2 participants
@azasypkin @elasticmachine